#IMOS21: Six Components of a Bug Bounty Program
Speaking at the Spring Infosecurity Magazine Online Summit, Sean Poris, director, product security at Verizon Media, explored how to run a bug bounty program, outlining the six components of a successful bug bounty structure.
Poris explained that, by investing in bug bounties, organizations are potentially tapping into “hundreds of thousands of global hackers” that think about software and vulnerabilities in ways that internal staff might not.
He also said that knowing and understanding your objectives is key when it comes to running a bug bounty program, so organizations must have a clear focus on “what they are trying to accomplish in standing up the program.” This should also include taking time to consider “what researchers will want from your program” and how you can work alongside them, along with the long-term goal of your program.
Once those aspects are established, Poris said there are six components to ensuring ongoing bug bounty success for an organization.
These six components are:
- Scope: what’s in, what’s out?
- Platform: report intake and communications
- Talent: hackers and teams
- Financials: budget, forecast and payments
- Operations: process, consistency and oversight (metrics)
- Policy: rules of the road, safe harbor and compliance
Ultimately, “a bug bounty program is a crowdsourcing initiative that rewards individuals for discovering and reporting software bugs,” and by taking a considered, federation-like approach, organizations can make a success of their bug bounty journeys.